torizon_audit 0.0.6 → 0.0.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/torizon_audit.rb +25 -20
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2c50971c4656b798f91fc6c5425f9980f87e787dfee2c298c96621935b505923
|
|
4
|
+
data.tar.gz: dffd561304c72e55c5d0d77abc578fc27aeed8c387de97579c6dd186fd719032
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e7081b8c8313196678c72f38c70963a4e8cce844ed0ec35c89b94714206556e927319cab3ca36f5007e6178c252c2aa1383dd6bc247f082b047969222d466f3c
|
|
7
|
+
data.tar.gz: 26cb791aef470cae8b5def32a70f25d5a235989fef4b721105b687c97c52ccfc2ccc619cc3980cd9a8f70cde5b6b593599bce39ce5652219954dc69a81403566
|
data/lib/torizon_audit.rb
CHANGED
|
@@ -24,7 +24,7 @@ class Query
|
|
|
24
24
|
|
|
25
25
|
def initialize(maxNumLogs = 10000)
|
|
26
26
|
@query = {
|
|
27
|
-
"from" => 0,
|
|
27
|
+
"from" => 0,
|
|
28
28
|
"size" => maxNumLogs,
|
|
29
29
|
"query" => {
|
|
30
30
|
"bool" => {
|
|
@@ -106,14 +106,15 @@ class Audit
|
|
|
106
106
|
end
|
|
107
107
|
|
|
108
108
|
def findAction(method, uri)
|
|
109
|
-
@@actionsMap.
|
|
110
|
-
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
109
|
+
_, m = @@actionsMap.find do |uriPattern, methodActions|
|
|
110
|
+
uri.match(uriPattern) && methodActions.key?(method)
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
if m.nil?
|
|
114
|
+
"Unknown Action"
|
|
115
|
+
else
|
|
116
|
+
m[method]
|
|
117
|
+
end
|
|
117
118
|
end
|
|
118
119
|
|
|
119
120
|
def userActions(from, to, namespace, dropUnknownActions = true)
|
|
@@ -127,20 +128,24 @@ class Audit
|
|
|
127
128
|
actions = response["hits"]["hits"].map{ |obj|
|
|
128
129
|
src = obj["_source"]
|
|
129
130
|
{
|
|
130
|
-
"
|
|
131
|
-
"
|
|
132
|
-
"
|
|
133
|
-
"
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
131
|
+
"time" => DateTime.parse(src.key?("@timestamp") ? src["@timestamp"]: ""),
|
|
132
|
+
"host" => "app.torizon.io",
|
|
133
|
+
"source" => "torizon",
|
|
134
|
+
"event" => {
|
|
135
|
+
"path" => src.key?("uri") ? src["uri"]: "",
|
|
136
|
+
"method" => src.key?("request_method") ? src["request_method"] : "",
|
|
137
|
+
"namespace" => src.key?("namespace") ? src["namespace"]: "",
|
|
138
|
+
"origin_namespace" => src.key?("origin_namespace") ? src["origin_namespace"]: "",
|
|
139
|
+
"status_code" => src.key?("status") ? src["status"]: "",
|
|
140
|
+
"ip" => src.key?("client_addr") ? src["client_addr"]: "",
|
|
141
|
+
"query" => src.key?("query_string") ? src["query_string"]: "",
|
|
142
|
+
"log_id" => obj.key?("_id") ? obj["_id"]: "",
|
|
143
|
+
"action" => self.findAction(src.key?("request_method") ? src["request_method"] : "", src.key?("uri") ? src["uri"]: "")
|
|
144
|
+
}
|
|
140
145
|
}
|
|
141
146
|
}
|
|
142
147
|
if dropUnknownActions
|
|
143
|
-
return actions.select{|req| req["action"] != "Unknown Action"}
|
|
148
|
+
return actions.select{|req| req["event"]["action"] != "Unknown Action"}
|
|
144
149
|
end
|
|
145
150
|
return actions
|
|
146
151
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: torizon_audit
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ben Clouser
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-03-
|
|
11
|
+
date: 2023-03-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies: []
|
|
13
13
|
description: Fetch user actions from torizon platform
|
|
14
14
|
email: ben.clouser@toradex.com
|